From 08a85f7d8da419e4413e76a39d5e79207fa8fa71 Mon Sep 17 00:00:00 2001
From: William P
Date: Sun, 15 Jun 2025 19:18:21 -0400
Subject: [PATCH] add gitea
---
 gitea/Chart.yaml | 28 ++++++++
 gitea/values.yaml | 162 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 190 insertions(+)
 create mode 100644 gitea/Chart.yaml
 create mode 100644 gitea/values.yaml
diff --git a/gitea/Chart.yaml b/gitea/Chart.yaml
new file mode 100644
index 0000000..05ec9b9
--- /dev/null
+++ b/gitea/Chart.yaml
@@ -0,0 +1,28 @@
+apiVersion: v2
+name: gitea
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "1.0"
+
+dependencies:
+- name: gitea
+ version: 12.0.0
+ repository: https://dl.gitea.com/charts/
\ No newline at end of file
diff --git a/gitea/values.yaml b/gitea/values.yaml
new file mode 100644
index 0000000..078e022
--- /dev/null
+++ b/gitea/values.yaml
@@ -0,0 +1,162 @@
+gitea:
+ ingress:
+ enabled: true
+ hosts:
+ - host: gittest.dubyatp.xyz
+ paths:
+ - path: /
+ tls:
+ - secretName: cert-dubyatp-xyz
+ hosts:
+ - git.dubyatp.xyz
+ persistence:
+ enabled: true
+ create: true
+ mount: true
+ claimName: gitea-shared-storage
+ size: 50Gi
+ accessModes:
+ - ReadWriteMany
+ storageClass: weyma-shared
+ deployment:
+ env:
+ - name: GITEA__database__PASSWD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: gitea-db-auth
+ - name: GITEA__mailer__PASSWD
+ valueFrom:
+ secretKeyRef:
+ key: smtp_apikey
+ name: gitea-secrets
+ - name: GITEA__security__INTERNAL_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: internal_token
+ name: gitea-secrets
+ - name: GITEA__security__SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ key: secret_key
+ name: gitea-secrets
+ - name: GITEA__oauth2__JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: oauth2_jwt
+ name: gitea-secrets
+ gitea:
+ admin:
+ passwordMode: initialOnlyNoReset
+ config:
+ database:
+ DB_TYPE: postgres
+ HOST: weyma-pgsql-rw.cloudnativepg.svc.cluster.local
+ NAME: gitea
+ USER: gitea
+ server:
+ DISABLE_SSH: false
+ DOMAIN: git.dubyatp.xyz
+ ENABLE_PPROF: false
+ ROOT_URL: https://git.dubyatp.xyz
+ SSH_DOMAIN: git.dubyatp.xyz
+ SSH_LISTEN_PORT: 22
+ SSH_PORT: 22
+ START_SSH_SERVER: true
+ OFFLINE_MODE: false
+ service:
+ DISABLE_REGISTRATION: true
+ webhook:
+ ALLOWED_HOST_LIST: "drone.infra.dubyatp.xyz,argocd.infra.dubyatp.xyz,discord.com,10.0.0.0/8"
+ mailer:
+ ENABLED: true
+ FROM: gitea@em3532.williamtpeebles.com
+ PROTOCOL: smtps
+ SMTP_ADDR: smtp.sendgrid.net
+ SMTP_PORT: 465
+ USER: apikey
+ security:
+ INSTALL_LOCK: true
+ extraDeploy:
+ - apiVersion: v1
+ kind: Secret
+ metadata:
+ name: cert-dubyatp-xyz
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
+ replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
+ data:
+ tls.crt: ""
+ tls.key: ""
+ - apiVersion: external-secrets.io/v1
+ kind: ExternalSecret
+ metadata:
+ name:
gitea-db-auth
+ spec:
+ data:
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: cloudnativepg
+ metadataPolicy: None
+ property: gitea_pw
+ secretKey: password
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: weyma-vault
+ target:
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ name: gitea-db-auth
+ - apiVersion: external-secrets.io/v1
+ kind: ExternalSecret
+ metadata:
+ name: gitea-secrets
+ spec:
+ data:
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: gitea
+ metadataPolicy: None
+ property: internal_token
+ secretKey: internal_token
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: gitea
+ metadataPolicy: None
+ property: oauth2_jwt
+ secretKey: oauth2_jwt
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: gitea
+ metadataPolicy: None
+ property: secret_key
+ secretKey: secret_key
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: gitea
+ metadataPolicy: None
+ property: smtp_apikey
+ secretKey: smtp_apikey
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: gitea
+ metadataPolicy: None
+ property: gitea_admin
+ secretKey: gitea_admin
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: weyma-vault
+ target:
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ name: gitea-secrets
+ postgresql-ha:
+ enabled: false
\ No newline at end of file
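Review bot: The `gitea.admin` block sets only `passwordMode: initialOnlyNoReset`, and the `gitea_admin` property synced into `gitea-secrets` is never referenced anywhere in these values, so unless it is supplied elsewhere the initial admin account is created with the upstream chart's default username and password and is never forced to change them. If the Vault value is meant to be used, add `existingSecret: <secret-name>` under `gitea.admin`; as far as I recall the chart reads `username` and `password` keys from that secret, so the ExternalSecret's `secretKey` names would have to match (worth confirming against the 12.0.0 chart README). Separately, `webhook.ALLOWED_HOST_LIST` admits all of `10.0.0.0/8`, which allows any configured webhook to reach every service in that range; listing the specific hosts or a narrower CIDR would keep the allow-list meaningful. The ingress rule host is `gittest.dubyatp.xyz` while the TLS entry, `DOMAIN` and `ROOT_URL` all use `git.dubyatp.xyz`, which looks unintended and would leave the served host without a matching TLS entry.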